MITRE ATT&CK version 14

I. Introduction: Importance of staying updated with frameworks like MITRE ATT&CK

In the realm of offensive security, staying updated with frameworks like MITRE ATT&CK is pivotal. It provides a structured understanding of adversary behaviors, which is crucial for red teamers to emulate realistic threat scenarios effectively. Each update, such as the recent v14, brings forth new techniques, tactics, and procedures (TTPs) reflecting the evolving threat landscap

B. Emphasizing continuous adaptation and learning in red teaming.
The continuous adaptation and learning ingrained in red teaming are pivotal for staying ahead of adversaries. As demonstrated by the updates in MITRE ATT&CK v14, red teams must continually evolve to meet the challenges posed by the dynamic threat landscape, ensuring they provide the utmost value in bolstering an organization’s security posture.

e. By assimilating these updates, red teams can enhance their strategies, ensuring they are testing against the most recent and relevant threat models. This continuous adaptation not only refines the red team’s skillset but also better prepares organizations to thwart real-world adversaries.

II. Unveiling MITRE ATT&CK v14
A. Overview of new features in v14
The MITRE ATT&CK v14 update showcased several new features, including a large expansion of detection notes and analytics, inclusion of Financial Theft and Voice Phishing in the Enterprise domain, structured Detections in Mobile, and the re-addition of Assets to ICS​1​.

B. Significance of expanded detection notes and analytics
The expanded detection notes and analytics in v14 are of paramount importance as they provide more granular insight into adversary behaviors. This granularity enables red teams to better emulate advanced threat actors, making their simulated attacks more realistic and thus, providing more value in identifying and mitigating potential security gaps within the organization.

III. Delving into New Domains A. Financial Theft and Voice Phishing in Enterprise The inclusion of Financial Theft and Voice Phishing underlines the evolving threat landscape, emphasizing the need for organizations to bolster defenses against such prevalent threats.

B. Structured Detections in Mobile and Assets re-addition to ICS Structured Detections in Mobile enhances threat detection capabilities, while the re-addition of Assets to ICS underscores the importance of securing industrial environments. These updates reflect a holistic approach, ensuring that red teams have a broader spectrum of scenarios to test against, thereby aiding in a comprehensive security posture assessment.

IV. Implications for Red Teams A. Adapting to enhanced detection capabilities The enhanced detection capabilities in MITRE ATT&CK v14 challenge red teams to refine their strategies to bypass improved defenses, fostering a continuous cycle of improvement in both offensive and defensive security realms.

B. Exploring new attack vectors in Financial Theft, Voice Phishing, and ICS These new domains open avenues for red teams to explore novel attack vectors, thereby expanding the scope of red teaming exercises. It underscores the need for red teams to evolve with the changing threat landscape to provide more value in identifying and mitigating emerging risks.

V. Conclusion
A. Reflection on the evolving landscape of offensive security
The ever-evolving landscape of offensive security underscores the importance of frameworks like MITRE ATT&CK in guiding red teams towards more effective and realistic testing scenarios.

B. Emphasizing continuous adaptation and learning in red teaming.
The continuous adaptation and learning ingrained in red teaming are pivotal for staying ahead of adversaries. As demonstrated by the updates in MITRE ATT&CK v14, red teams must continually evolve to meet the challenges posed by the dynamic threat landscape, ensuring they provide the utmost value in bolstering an organization’s security posture.

Techniques

Enterprise

New Techniques

Major Version Changes

Minor Version Changes

Patches

Mobile

New Techniques

Minor Version Changes

Patches

ICS

Minor Version Changes

Patches

Software

Enterprise

New Software

Major Version Changes

Minor Version Changes

Patches

Revocations

  • Ngrok (revoked by ngrok(v1.1)

Mobile

New Software

ICS

Minor Version Changes

Patches

Groups

Enterprise

New Groups

Major Version Changes

Minor Version Changes

Patches

Mobile

New Groups

Minor Version Changes

ICS

Major Version Changes

Minor Version Changes

Campaigns

Enterprise

New Campaigns

Minor Version Changes

Mobile

ICS

New Campaigns

Assets

ICS

New Assets

Mitigations

Enterprise

Minor Version Changes

Mobile

New Mitigations

Minor Version Changes

Patches

ICS

Minor Version Changes

Patches

Contributors to this release

  • Aaron Jornet
  • Adam Lichters
  • Adam Mashinchi
  • Ai Kimura, NEC Corporation
  • Alain Homewood
  • Alex Spivakovsky, Pentera
  • Amir Gharib, Microsoft Threat Intelligence
  • Andrew Northern, @ex_raritas
  • Arad Inbar, Fidelis Security
  • Austin Herrin
  • Ben Smith, @ezaspy
  • Bilal Bahadır Yenici
  • Blake Strom, Microsoft Threat Intelligence
  • Brian Donohue
  • Caio Silva
  • Christopher Peacock
  • Edward Stevens, BT Security
  • Ford Qin, Trend Micro
  • Giorgi Gurgenidze, ISAC
  • Goldstein Menachem
  • Gregory Lesnewich, @greglesnewich
  • Gunji Satoshi, NEC Corporation
  • Harry Kim, CODEMIZE
  • Harun Küßner
  • Hiroki Nagahama, NEC Corporation
  • Itamar Mizrahi, Cymptom
  • Jack Burns, HubSpot
  • Janantha Marasinghe
  • Jennifer Kim Roman, CrowdStrike
  • Joas Antonio dos Santos, @C0d3Cr4zy
  • Joe Gumke, U.S. Bank
  • Joe Slowik – Dragos
  • Joey Lei
  • Juan Tapiador
  • Liran Ravich, CardinalOps
  • Manikantan Srinivasan, NEC Corporation India
  • Martin McCloskey, Datadog
  • Matt Green, @mgreen27
  • Michael Raggi @aRtAGGI
  • Mohit Rathore
  • Naveen Devaraja, bolttech
  • Noam Lifshitz, Sygnia
  • Olaf Hartong, Falcon Force
  • Oren Biderman, Sygnia
  • Pawel Partyka, Microsoft Threat Intelligence
  • Phyo Paing Htun (ChiLai), I-Secure Co.,Ltd
  • Pooja Natarajan, NEC Corporation India
  • Sam Seabrook, Duke Energy
  • Serhii Melnyk, Trustwave SpiderLabs
  • Shailesh Tiwary (Indian Army)
  • Shankar Raman, Gen Digital and Abhinand, Amrita University
  • Sunders Bruskin, Microsoft Threat Intelligence
  • Tahseen Bin Taj
  • Thanabodi Phrakhun, @naikordian
  • The DFIR Report
  • Tim (Wadhwa-)Brown
  • Tom Simpson, CrowdStrike Falcon OverWatch
  • Tristan Madani (Cybereason)
  • TruKno
  • Uriel Kosayev
  • Vijay Lalwani
  • Will Thomas, Equinix
  • Yasuhito Kawanishi, NEC Corporation
  • Yoshihiro Kori, NEC Corporation
  • Yossi Weizman, Microsoft Threat Intelligence

Leave a comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Exit mobile version